IQDB On-Chain Storage

Review

Audited by ClawScan on May 10, 2026.

Overview

This is a coherent instruction-only Solana storage guide, but users should review wallet signing, real payments, setup dependencies, and permanent on-chain storage before use.

Install only after verifying the external Solana and IQ Labs packages, use devnet or a low-balance wallet first, manually approve any mainnet transaction or x402 payment, and never place secrets or PII on-chain without strong encryption.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A funded wallet could spend SOL or tokens and create permanent on-chain records if the user runs signing examples against mainnet.

Why it was flagged

The setup uses a local Solana keypair to sign transactions. That is expected for on-chain writes, but it is sensitive wallet authority, especially if used on mainnet.

Skill content

ANCHOR_WALLET=/path/to/keypair.json                    # Required — Solana keypair for signing

Recommendation

Use devnet first, prefer a dedicated low-balance wallet, protect the keypair file, and require explicit review before signing transactions.

What this means

The user may pay SOL or USDC for file inscription, and the same reference notes payment is non-refundable once inscription starts.

Why it was flagged

The x402 workflow includes a payment transfer to an address returned by a quote flow. This is core to the paid inscription purpose, but it is a high-impact action that should not be automated without confirmation.

Skill content

Send the quoted amount to the provided payment address. Standard Solana transfer:

Recommendation

Confirm the service endpoint, quote, destination address, token, and amount before paying, and avoid letting an agent send payments without user approval.

What this means

A compromised or unexpected remote installer could affect the local development environment.

Why it was flagged

The setup guide uses a remote shell installer for the Solana CLI. This is a common installation pattern for developer tooling, but it means code is fetched and executed from outside the skill artifact.

Skill content

sh -c "$(curl -sSfL https://release.anza.xyz/stable/install)"

Recommendation

Verify the Solana/Anza installer source, review official installation instructions, and consider pinned or package-manager-based installs where possible.

What this means

Secrets, keys, PII, or confidential business data could remain publicly recoverable if stored on-chain with only hanLock-style obfuscation.

Why it was flagged

The skill discusses encoding data before on-chain storage, but the reference makes clear hanLock is obfuscation rather than strong encryption. Since on-chain data can be persistent, weakly protected sensitive content would be hard to undo.

Skill content

Not a substitute for real encryption. Suitable for obfuscation and casual privacy, not for protecting secrets against determined attackers.

Recommendation

Do not store sensitive data on-chain unless it is strongly encrypted and appropriate for permanent publication; treat hanLock as obfuscation only.